login
Search
DO NOT MISS THE EUROPEAN BSD EVENT OF THE YEAR
==============================================
EuroBSDCon 2007
September 14th - 15th 2007
-------------------------------
The sixth EuroBSDCon - the annual European BSD conference for users
and developers begins Friday September 14th. It's being held at
Symbion Science Park in Copenhagen, Denmark. Come, meet and talk to
BSD people from all over the world.
Program
-------
20+ interesting speakers in a program which includes:
Kirk McKusick: Kirk is the epitome of BSD - an all-time Berkley guy
will talk about the history of the UFS file system.
Sam Leffler: Sam is another of the original BSD people. For a while
he has been working a lot with wireless networks and and his name can
be found in a lot of the open source wireless code. At the conference
he will be talking about long distance wireless.
Marc Balmer: Marc became an active OpenBSD developer in 2004 and has
since be responsible for several prominent OpenBSD projects. At the
conference he will talk about Support for Radio Clocks in OpenNTPD.
Steven Murdoch: Steven is working on computer security research at
Cambridge University and he will be talking about hidden channels
between computers which even the best firewall cannot close.
John Hartmann: Very few if any UNIX people have heard about John
Hartmann, despite the fact that he completed the work Dennis and Ken
started with pipes. John will talk about "CMS pipes" a minor and
cheap entry in the IBM product catalogue which is a radical
generalization of the UNIX pipe concept.
Read more about the speakers and the program on:
http://2007.eurobsdcon.org/talks.html
More information about the tutorials can be found at:
http://2007.eurobsdcon.org/tutorials.html
Prices
------
The conference costs 1800 DKK for 2 days.
It is also possible to register for a social event which will take
place on Friday night or register for the ...Stephanie for OpenBSD 3.6 is released
-------------------------------------
Introduction
------------
Stephanie is an OpenBSD hardening package. It's compiled of kernel and
userland patches that when used add several security features. In this
version included are:
- Vexec: Verify file integrity before executing/opening it.
- TPE: Prevent untrusted users executing files in untrusted locations.
- Privacy: Privacy extensions, in-kernel and userland.
What's new?
-----------
- Vexec: Mostly rewritten. Now uses hash tables to store data,
introducing O(1) performance in best case and O(n) where 'n' is
number of inodes that produce same hash on a given device in worst
case.
Noting the recent collision discovery in SHA-0, it's worth
mentioning that Vexec offers 6 hash types (MD5, SHA1, SHA256,
SHA384, SHA512, and RMD160 - all hash types supported by the OpenBSD
3.6 kernel) and it's design allows easy extensions for adding new
hash types, if required. (read NEW_HASH)
- Privacy: More privacy features. Namely, there are hooks in netstat,
w, who, last, and finger. The output is filtered according to the
features status.
- The trustcheck(2) syscall has been removed; now interaction with
Stephanie's settings - including trust status of current process -
is done solely using sysctl.
License
-------
Stephanie for OpenBSD 3.6 is mostly a rewrite. BSD-licensed code from
NetBSD and Brett Lymn is no longer in use, so Stephanie moves to an
ISC-style license, available in
http://ethernet.org/~brian/Stephanie/doc/LICENSE
Download
--------
Stephanie for OpenBSD 3.6 can be downloaded from its official homepage
at http://ethernet.org/~brian/Stephanie/
Support
-------
Please mail me with any questions, comments, bugs, and feedback in
general. Remember - DO NOT MAIL OPENBSD MAILING LISTS WITH QUESTIONS
ABOUT STEPHANIE! unless you really want to. Anyway, CC me if you do.
Make sure you've read stephanie(7) ...OpenSSH 5.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We have also recently completed another Internet SSH usage scan, the results of which may be found at http://www.openssh.com/usage.html Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html The focus of this release has been on bugfixes as the previous openssh-5.1 release introduced many new features and made some invasive changes. Changes since OpenSSH 5.1 ========================= Security: * This release changes the default cipher order to prefer the AES CTR modes and the revised "arcfour256" mode to CBC mode ciphers that are susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH". * This release also adds countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack. We believe that these attacks are rendered infeasible by these changes. New features: * Added a -y option to ssh(1) to force logging to syslog rather than stderr, which is useful when running daemonised (ssh -f) * The sshd_config(5) ForceCommand directive now accepts commandline arguments for the internal-sftp server. * The ssh(1) ~C escape commandline now support ...
Go and get it! (Please remember to check the primary mirrors
please -- thanks)
------------------------------------------------------------------------
- OpenBSD 3.8 RELEASED -------------------------------------------------
Nov 1, 2005.
We are pleased to announce the official release of OpenBSD 3.8.
This is our 18th release on CD-ROM (and 19th via FTP). We remain
proud of OpenBSD's record of eight years with only a single remote
hole in the default install. As in our previous releases, 3.8
provides significant improvements, including new features, in nearly
all areas of the system:
- Improved hardware support, including:
o New aps driver for the built-in accelerometer found in some IBM ThinkPad laptops.
o New art driver for Accom Networks Artery T1 and E1 cards.
o New auixp driver for the ATI IXP series integrated AC'97 audio controller.
o Basic RAID management using bioctl(8) in the ami(4) MegaRAID driver.
o New ciss driver for Compaq Smart ARRAY 5 and 6 RAID controllers.
o New epic driver for SMC 83C170 ethernet adapters.
o New ichwdt driver for Intel 6300ESB ICH watchdog timer.
o New pcn driver for the AMD Am79c97x (PCnet) ethernet adapters.
o New safte driver for SCSI Accessed Fault-Tolerant Enclosures, and a rewritten
ses driver for SCSI Enclosure Services, both allowing monitoring through
sysctl and sensorsd.
o New ueagle driver for Analog Devices Eagle ADSL modems.
o New uipaq driver for iPAQ USB serial.
o New viasio driver for VIA VT1211 LPC Super I/O hardware sensors.
o New zaudio driver for the built-in Zaurus audio CODEC.
o Improved com driver for serial port PCMCIA cards, such as cellular modems
on Zaurus.
o Improved support for many umass devices.
o Updated driver from X.Org for the Intel i810 family graphics chipset,
including support for the external VGA output on laptops.
- New tools:
o bioctl(8), a RAID management interface.
o ipsecctl(8), a simple IPsec management tool.
o stat(1), ...OpenSSH 5.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html This is a major feature and bugfix release. Changes since OpenSSH 5.3 ========================= Features: * After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. * Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is automatically enabled on all platforms that support dlopen(3) and was inspired by patches written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. * Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (not X.509). Certificates contain a public key, identity information and some validity constraints and are signed with a standard SSH public key using ssh-keygen(1). CA keys may be marked as trusted in authorized_keys or via a TrustedUserCAKeys option in sshd_config(5) (for user authentication), or in known_hosts (for host authentication). Documentation for certificate support may be found in ssh-keygen(1), sshd(8) and ssh(1) and a description of the protocol extensions in PROTOCOL.certkeys. * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand ...
------------------------------------------------------------------------
- OpenBSD 4.1 RELEASED -------------------------------------------------
May 1, 2007.
We are pleased to announce the official release of OpenBSD 4.1.
This is our 21st release on CD-ROM (and 22nd via FTP). We remain
proud of OpenBSD's record of ten years with only two remote
holes in the default install. As in our previous releases, 4.1
provides significant improvements, including new features, in nearly
all areas of the system:
- New/extended platforms:
o OpenBSD/landisk.
Various SH4-based appliances, made by IO-Data and resold by
Plextor.
o OpenBSD/sparc64.
UltraSPARC III based machines are supported even better, and
now run at full speed!
- Improved hardware support, including:
o New USB client controller support:
o Support for the USB client functionality in the pxaudc(4)
driver on the Zaurus.
o New usbf(4) midlayer for USB Client controllers.
o New cdcef(4) driver for providing a CDCE function on USB
client controllers.
o New cas(4) driver for Sun Cassini 10/100/Gigabit Ethernet devices.
o New uow(4) driver for Maxim/Dallas DS2490 USB 1-Wire devices.
o New owsbm(4) driver for 1-Wire smart battery monitor devices.
o New zyd(4) driver for ZyDAS ZD1211/ZD1211B USB IEEE 802.11b/g
wireless network devices.
o New moscom(4) driver for MosChip Semiconductor MCS7703 based USB
serial adapters.
o New glxsb(4) driver for hardware random numbers and AES
acceleration on the AMD Geode LX processor.
o New vic(4) driver for VMware VMXnet Virtual Interface Controllers.
o New malo(4) driver for Marvell Libertas IEEE 802.11b/g wireless
network devices.
o New pwdog(4) driver for Quancom PWDOG1 watchdog timer devices.
o New uberry(4) driver for Research In Motion Blackberry devices.
o New mbg(4) driver for Meinberg Funkuhren radio clocks.
o New ...OpenSSH 5.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We have also recently completed another Internet SSH usage scan, the results of which may be found at http://www.openssh.com/usage.html Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html Changes since OpenSSH 5.0 ========================= Security: * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly other platforms) when X11UseLocalhost=no When attempting to bind(2) to a port that has previously been bound with SO_REUSEADDR set, most operating systems check that either the effective user-id matches the previous bind (common on BSD-derived systems) or that the bind addresses do not overlap (Linux and Solaris). Some operating systems, such as HP/UX, do not perform these checks and are vulnerable to an X11 man-in-the-middle attack when the sshd_config(5) option X11UseLocalhost has been set to "no" - an attacker may establish a more-specific bind, which will be used in preference to sshd's wildcard listener. Modern BSD operating systems, Linux, OS X and Solaris implement the above checks and are not vulnerable to this attack, nor are systems where the X11UseLocalhost has been left at the default value of "yes". Portable OpenSSH 5.1 avoids this problem for all operating systems by not setting SO_REUSEADDR when X11UseLocalhost is set to no. This vulnerability was reported by sway2004009 AT hotmail.com. New features: * Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) and ...
We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. ------------------------------------------------------------------------ - OpenBSD 3.4 RELEASED ------------------------------------------------- Nov 1, 2003. We are pleased to announce the official release of OpenBSD 3.4. This is our 14th release on CD-ROM (and 15th via FTP). We remain proud of OpenBSD's record of seven years with only a single remote hole in the default install. As in our previous releases, 3.4 provides significant improvements, including new features, in nearly all areas of the system: - Ever-improving security (http://www.OpenBSD.org/security.html) o W^X (pronounced: "W xor X") improvements, especially on the i386 architecture. Native i386 binaries have their executable segments rearranged to support isolating code from data, and the cpu CS limit is used to impose a best effort limit on code execution. o ld.so on ELF platforms now loads libraries in a randomized order. Furthermore, on the i386 architecture, libraries and executable code are mapped at random addresses. Together with W^X and ProPolice, these changes increase the difficulty of successfully exploiting an application error. o A static bounds checker has been added to the system compiler, designed to detect improper use of string and buffer manipulation functions. Through use of this checker, hundreds of bugs of in the source and ports trees were found and fixed. o Privilege separation has been implemented for the syslog daemon, making it much more robust against future errors. The child which listens to network traffic now runs as a normal user and chroots itself, while the parent process tracks the state of the child and performs privileged operations on its behalf. o Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have ...
------------------------------------------------------------------------ - OpenBSD 3.5 RELEASED ------------------------------------------------- May 1, 2004. We are pleased to announce the official release of OpenBSD 3.5. This is our 15th release on CD-ROM (and 16th via FTP). We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system: - Ever-improving security (http://www.OpenBSD.org/security.html) o New ptm device (see pty(4)) that allows non-privileged processes to allocate a properly-permissioned pty. As a result any process can now open a pty easily, meaning xterm(1) and xconsole(1) are no longer setuid root. (In 3.4 they were setuid root, but privilege revoking). o malloc(3) chunk randomization and guard pages. This helps to detect out-of-bounds reads and writes. o Privilege separation added to allow complex operations to occur in an untrusted, unprivileged process, resulting in much greater security for the following processes: - isakmpd(8) - named(8) (Previously privilege revoking, but this had a small breakage). - pflogd(8) - tcpdump(8) o Many improvements and bug fixes in the ProPolice stack protector. Several other code generation bugs for RISC architectures were also found and fixed. - Improved hardware support (http://www.OpenBSD.org/plat.html) o New hardware platforms: - OpenBSD/amd64 Supporting the AMD64 architecture natively, with full 64-bit support, 8 extra registers in the architecture to significantly increase performance, and a memory management Non-Executable bit that permits full W^X support. - OpenBSD/cats Our first entry in the ARM-cpu landscape. We intend to use this as a development platform for something else we plan for the ...
OpenSSH 4.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support of the project, especially those who contributed source, reported bugs, tested snapshots and purchased T-shirts or posters. T-shirt, poster and CD sales directly support the project. Pictures and more information can be found at: http://www.openbsd.org/tshirts.html and http://www.openbsd.org/orders.html For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 4.1: ============================ - SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts to be incorrectly activated for dynamic ("-D") port forwardings when no listen address was explicitly specified. - SECURITY: sshd in OpenSSH versions prior to 4.2 allow GSSAPI credentials to be delegated to users who log in with methods other than GSSAPI authentication (e.g. public key) when the client requests it. This behaviour has been changed in OpenSSH 4.2 to only delegate credentials to users who authenticate using the GSSAPI method. This eliminates the risk of credentials being inadvertently exposed to an untrusted user/host (though users should not activate GSSAPIDelegateCredentials to begin with when the remote user or host is untrusted) - Added a new compression method that delays the start of zlib compression until the user has been authenticated successfully. The new method ("Compression delayed") is on by default in the server. This eliminates the risk of any zlib vulnerability leading to a compromise of the server from unauthenticated users. NB. Older OpenSSH (<3.5) versions have a bug ...
OpenSSH 4.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots and purchased T-shirts or posters. T-shirt, poster and CD sales directly support the project. Pictures and more information can be found at: http://www.openbsd.org/tshirts.html and http://www.openbsd.org/orders.html For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 4.5: ============================ * sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. * The following bugs have been fixed in this release: - Clear SIGALRM when restarting due to SIGHUP. Prevents stray signal from taking down sshd if a connection was pending at the time SIGHUP was received - sftp returned a zero exit status when upload failed due to write errors (bugzilla #1252) - fixed an inconsistent check for a terminal when displaying scp progress meter (bugzilla #1265) - Parsing of time values in Match blocks was incorrectly applied to the global configuration (bugzilla #1275) - Allow multiple forwarding options to work when specified in a PermitOpen directive (bugzilla #1267) - Interoperate with ssh.com versions that do not support binding remote port forwarding sessions to a hostname (bugzilla #1019) * Portable OpenSSH bugs fixed: - "hang on exit" when background processes are running at the time of exit on a ttyful/login session (bugzilla #52) - Fix typos in the ...
------------------------------------------------------------------------
- OpenBSD 4.5 RELEASED -------------------------------------------------
May 1, 2009.
We are pleased to announce the official release of OpenBSD 4.5.
This is our 25th release on CD-ROM (and 26th via FTP). We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.
As in our previous releases, 4.5 provides significant improvements,
including new features, in nearly all areas of the system:
- New/extended platforms:
o Initial ports to the xscale based gumstix platform and the ARM
based OpenMoko
o OpenBSD/sparc64
o New vdsk(4) and vnet(4) drivers provide support for virtual
I/O between logical domains on Sun's CoolThreads servers,
including UltraSPARC T2+ machines.
o Workstations and laptops with UltraSPARC IIe CPUs can now scale
down the CPU frequency to save power.
- Improved hardware support, including:
o Several new/improved drivers for sensors, including:
o The cac(4) driver now has bio and sensor support.
o The mpi(4) driver now has bio and sensor support.
o New gpiodcf(4) driver for DCF77/HBG timedelta sensors
through GPIO pins.
o New schsio(4) driver for SMSC SCH311x LPC Super I/O devices.
o The it(4) driver now supports IT8720F chips.
o The it(4) driver now supports FAN4 and FAN5 sensors for
IT8716F/IT8718F/IT8720F/IT8726F chips.
o The owtemp(4) driver now supports Maxim/Dallas DS18B20 and
DS1822 temperature sensors.
o The km(4) driver now supports AMD Family 11h
processors (Turion X2 Ultra et al).
o The lm(4) driver now supports W83627DHG attachment on the ICC bus.
o The lmenv(4) driver now has better support for the fan sensors
on lm81, adm9240 and ds1780 chips.
o The sdtemp(4) driver now supports ST STTS424 chips.
o The em(4) driver now supports ICH9 IGP M and IGP M ...EuroBSDcon 2008: Family Meeting
The European BSD Conference, October 18-19th 2008, Strasbourg, France
FreeBSD, NetBSD, OpenBSD, MacOS X, DragonFlyBSD, PC-BSD, DesktopBSD: Are you
doing interesting things with one of these BSD based operating system?
Anything hot you are working on? Come to Strasbourg and talk about it!
EuroBSDCon is a conference for users and developers on BSD based systems. We
are looking for papers about all aspects of BSD based operating systems
especially if you can tell our audience something new about:
* Products embedding BSD systems
* Desktop computing with BSD systems
* BSD based products, how, why, what
* How you are reworking ports pkgsrc
* What are the BSD developers working on now
* Virtualizing BSD based systems
* Installing BSD system on your coffee machine
* File systems, networking, security, and general kernel hacking
* Tools for monitoring, measuring, debugging, and optimizing BSD systems
* The science and art of open source programming
Extended abstract (two A4 pages) in English, with an outline of your proposed
talk, a few keywords and a bit about yourself should be sent to us by email at
pc@eurobsdcon.org before June 1st 2008.
If you are interested in presenting a tutorial, please let us know.
Practical Information
Speakers attend the conference for free and we will reimburse speakers travel
and lodging if nobody else will pay for it. We will aim to finalize the
program and notify the selected speakers by July 1st 2008. All speakers will
be expected to produce a final paper and electronic files for the conference
web site by September 15th, 2008.
We will not waste money and trees on printed proceedings but will distribute
the conference material electronically and expect to receive your final slides
no later than 4 weeks before the conference. Please let us know if you want
to include other materials (articles, HOWTO etc). All papers should be
considered ...The BSDCon 2003 Program Committee invites you to contribute original
and innovative papers on topics related to BSD-derived systems and the
Open Source world. Topics of interest include but are not limited to:
* Embedded BSD application development and deployment
* Real world experiences using BSD systems
* Using BSD in a mixed OS environment
* Comparison with non-BSD operating systems; technical,
practical, licensing (GPL vs. BSD)
* Tracking open source development on non-BSD systems
* BSD on the desktop
* I/O subsystem and device driver development
* SMP and kernel threads
* Kernel enhancements
* Internet and networking services
* Security
* Performance analysis and tuning
* System administration
* Future of BSD
For more information about the BSDCon 2003 Call for Papers, visit:
http://www.usenix.org/events/bsdcon03/cfp/
Submissions in the form of extended abstracts are due by April 1,
2003. Be sure to review the extended abstract expectations before
submitting. Selection will be based on the quality of the written
submission and whether the work is of interest to the community. For
detailed author guidelines, including sample extended abstracts and
final papers visit:
http://www.usenix.org/events/bsdcon03/cfp/guidelines.html
We look forward to receiving your submissions!
Sincerely,
Gregory Neil Shapiro
BSDCon 2003 Program Chair
=====================================================================
To send mail to Greg Shapiro, please use bsdconchair@usenix.org
=====================================================================
Dear Colleagues: I would like to invite all those who have not registered for the USENIX AsiaBSDCon (March 13-14) to do so at our website: http://www.asiabsdcon.org It contains the conference schedule and updated information as we go along with activities. The conference hotel is very inexpensive at NTD$800 for single rooms and NTD$1200 for double rooms, with free built-in wireless networking. (1 USD ~= 35 NTD) ================= Tutorials: Greg Lehey: BSD Kernel Debugging Ex-core team member for FreeBSD. FreeBSD, NetBSD committer OpenFoundry Tutorial Lawrence Hughes: OpenBSD - Install/Networking/Web/SMTP/Security Co-Founder Infoweapons.com ================= Speeches: Sam Leffler: "Cryptographic Device Support for FreeBSD" "Next Generation Wireless Support for the Open Source Community" (2 speeches) Ex-Berkeley CSRG member who helped to develop the original BSD M. Warner Losh: "State of the Art Precision Time-Keeping Embedded Systems" FreeBSD Core Team Member, Timing.com Senior Engineer Kenjiro Cho: "Fitting Theory into Reality in the ALTQ Case" Sony CS Labs. Japan Junichiro "itojun" Hagino: "Implementing IPV6: Expereiences at the KAME Project" ex-NetBSD core team member, IIJ Labs. Robert Watson: "Advances in Secure OS Practices (TrustedBSD) FreeBSD Core Team member, NAI Labs Inc. Lawrence Hughes: "The Design and Implementation of Secure Internet Appliances" Co-Founder Infoweapons.com Jeffrey Hsu: "Concepts, Theory, and Implementation of DragonflyBSD" ++++++++++++++++++ We have invited several distinguished members of the BSD community to the USENIX AsiaBSDCon. The conference has no admission nor registration fees. It is located at the Academia Sinica Activity Center, Taipei, Taiwan, taking place from March 14 to 15. Parking is free with advanced ...
------------------------------------------------------------------------
- OpenBSD 4.4 RELEASED -------------------------------------------------
Nov 1, 2008.
We are pleased to announce the official release of OpenBSD 4.4.
This is our 24th release on CD-ROM (and 25th via FTP). We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.
As in our previous releases, 4.4 provides significant improvements,
including new features, in nearly all areas of the system:
- New/extended platforms:
o OpenBSD/sparc64.
Fujitsu's SPARC64-V, SPARC64-VI and SPARC64-VII processors are supported
now, which means that many of the PRIMEPOWER machines and the SPARC
Enterprise M4000/M5000/M8000/M9000 work now.
Sun's UltraSPARC VI processors are supported now. Many of Sun's
mid-range and high-end servers with these processors or UltraSPARC III
and UltraSPARC III+ processors work now.
Sun's UltraSPARC T1 and UltraSPARC T2 processors are supported now,
which means the sun4v architecture is now supported and machines like
the SPARC Enterprise T1000 and SPARC Enterprise T5220 work now.
o OpenBSD/socppc.
For machines based on the Freescale MPC8349E
System-on-Chip (SoC) platform that use Das U-Boot as a boot loader.
o OpenBSD/landisk: added shared libraries support.
- Improved hardware support, including:
o Several new/improved drivers for sensors: fins(4), andl(4), it(4),
kate(4), sdtemp(4), lmtemp(4), adt(4), km(4).
o Support for Intel G33 and G35 chipsets in agp(4).
o New lii(4) driver for Attansic L2 10/100 Ethernet devices.
o Preliminary support for UVC USB webcams: uvideo(4) and video(4).
o WPA/WPA2-PSK support for several models of wireless cards.
o Openchrome(4) and geode(4) video card drivers for X.Org.
o New vmt(4) driver, implements VMware Tools.
o New auglx(4) driver for AMD Geode LX CS5536 integrated AC'97 ...OpenSSH 4.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots and purchased T-shirts or posters. T-shirt, poster and CD sales directly support the project. Pictures and more information can be found at: http://www.openbsd.org/tshirts.html and http://www.openbsd.org/orders.html For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 4.3: ============================ Security bugs resolved in this release: * Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired. * Fix an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. * On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. This release includes the following new functionality and fixes: * Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post- authentication options are supported and more are expected to be ...
The OpenSSH project turns five years old ---------------------------------------- Five years ago, in late September 1999, the OpenSSH project was started. It began with an audit, cleanup and update of the last free version of Tatu Ylonen's legacy ssh-1.2.12 code. The project quickly gathered pace, attracting a portability effort and, in early 2000, an independent implementation of version 2 of the SSH protocol. Since then, OpenSSH has led in the implementation of proactive security techniques such as privilege separation & auto-reexecution. The free software community were rapid adopters of OpenSSH, with most free operating systems shipping OpenSSH within its first year of existence. Over the last five years OpenSSH has become the most widely used SSH protocol implementation (by a large margin) and has been included in products from major vendors including IBM, Apple, HP, Sun, Cisco and NetScreen. Today, OpenSSH runs on everything from mobile phones to Cray supercomputers. In providing a free, popular and easy to use secure login and command execution protocol OpenSSH has been instrumental in speeding the deprecation of insecure protocols like telnet and rlogin. The OpenSSH team would like to thank all those who have supported the project over the last five years, including individuals and vendors who have donated funds or hardware. An extra special thanks to those who have reported bugs or sent patches to the project. OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Ben Lindstrom, Darren Tucker and Tim Rice. http://www.openssh.com/
Hello,
The registration for the anual Swiss Unix Conference has been
opened. The online registration form can be found at:
https://www.suug.ch/sucon/04/register.html
If you register before August 9 you can benefit from early bird
registration discounts and save 40% on all fees and additionaly
get the chance to win O'Reilly books.
SUCON'04 - 2nd Swiss Unix Conference
September 2-4, 2004
Technopark, Zurich
http://www.sucon.ch/
Some BSD highlits:
Poul-Henning Kamp
Old mistakes repeated (but you do get the source code now):
UNIX is the best operating system ever designed so
everybody is running UNIX on their computer, right ?
This presentation takes a partisan looks a why UNIX
never became a big success in the eighties, failed to
win the market in the nineties, and still struggles in
the market in the new millenium. Poul-Henning will take
a critical look at the mistakes of the past and the
mistakes of the present and try to make it really clear
what needs to happen for UNIX to become a real success.
Hubert Feyrer
NetBSD Status Report Fall 2004
As a follower of the Berkeley 4.4BSD Unix operating
system, NetBSD is the oldest Open Source operating
system project under development today. With it's focus
on portability to a wide range of hardware, NetBSD is
equally good for running on desktop PCs, various server
hardware as well as a wide range of contemporaty
handheld and embedded devices. A lot has happened since
the project started, and with finally reaching the
NetBSD 2.0 release after more than 10 years, this talk
will give an overview of the past events from both
technical and project administrative point of view,
introduce where the NetBSD project stands today and what
some of the plans for the future are.
Henning ...OpenNTPD 3.7 has just been released. It will be available from the mirrors listed at http://www.openntpd.org/ shortly. This is our third formal release. OpenNTPD is a FREE, easy to use implementation of the Network Time Protocol. It provides the ability to sync the local clock to remote NTP servers and can act as NTP server itself, redistributing the local clock. OpenNTPD is developed as part of the OpenBSD project, which sells CDs, T-Shirts, and Posters. Sales of these items help to fund development. For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Checksums: ========== MD5 (openntpd-3.7.tgz) = a936e5aaeee65b54c43e6ddf6dfb1f44 MD5 (openntpd-3.7p1.tar.gz) = 10ed8eefd760e5819efcf3277b118f47 Reporting Bugs: =============== - please read http://www.openbsd.org/report.html OpenNTPD is brought to you by Henning Brauer, Darren Tucker and Theo de Raadt.
------------------------------------------------------------------------
- OpenBSD 3.7 RELEASED -------------------------------------------------
May 19, 2005.
We are pleased to announce the official release of OpenBSD 3.7.
This is our 17th release on CD-ROM (and 18th via FTP). We remain
proud of OpenBSD's record of eight years with only a single remote
hole in the default install. As in our previous releases, 3.7
provides significant improvements, including new features, in nearly
all areas of the system:
- New platforms:
o OpenBSD/zaurus
Expanding the arm porting effort by supporting the
Sharp Zaurus SL-C3000, bringing a secure ssh-capable machine
to your pocket.
o OpenBSD/sgi
Starting out support with the SGI O2 machines.
- Support for a number of much faster 64-bit machines (in 32-bit
mode) in the OpenBSD/hppa port.
- Many enhancements in the OpenBSD/mac68k port:
o Switch to a bsd.rd-based install.
o Improved interrupt system.
o Create partitions with pdisk(8).
o Add mc(4) support and enhance zsc(4) support.
- New tools:
o ospfd(8), implementing the OSPFv2 routing protocol.
o getcap(1), providing easy access to the capability database.
- New functionality:
o Repaired mirroring mode in ccd(4).
o Privilege separation for ftpd(8)
o Bash-style prompt expansion and POSIX hex and octal constants
in ksh(1).
o Improved TCP send performance.
o Reentrant getproto*_r(3) and getserv*_r(3) functions.
o In-kernel pppoe(4) support.
o pim(4) (Protocol Independent Multicast) support added.
- Improved hardware support, including:
o New ath(4) driver for Atheros IEEE 802.11a/b/g wireless
network adapters.
o New iwi(4) driver for Intel PRO/Wireless 2200BG/2225BG/2915ABG
IEEE 802.11a/b/g wireless network adapters.
o New ipw(4) driver for Intel PRO/Wireless 2100 IEEE 802.11b
wireless network adapters.
o New atu(4) driver for Amtel AT76C50x USB IEEE 802.11b
wireless network adapters.
o ...The OpenBSD .PT user group will be holding their fifth meeting open to all enthusiasts, newcomers and others. Pedro Martelletto, brazilian developer will give a talk about OpenBSD and joining us earlier before we leave to What The Hack, in the Netherlands. Past meetings haven't produced the amount of relevant work to the project as we would like but hey... we will eventually get there, some day. Besides that, we always have a lot of fun, technical discussions, good bandwidth, sell some CD's and stuff, etc. There will also be a special workshop on deploying honeypots by the Honeynet-PT team. This will be a two day event at the Laboratory for Advanced Computation of the University of Coimbra. Days 23th and 24th, July 2005. Free Entrance. Bring your computer and stuff. Cya there! http://www.openbsd-pt.org/eventos/coimbra05/ http://www.honeynet-pt.org -- nuno
The latest sparc64 snapshot going out to the mirrors now contains new support for running X on sparc64 consoles. Some stuff doesn't quite work yet, but that's the nature of a huge brand new feature... What works: Framebuffers: pci: vga (ATI) framebuffers (must be prom console) sbus: cgsix, cgthree Keyboards: usb: sun type 6 sbus: sun type 3/4/5/6 on zs pci: sun type 3/4/5/6 on com Mice: usb: any usb mouse will do sbus: sun on zs pci: sun on com What doesn't work: - accelerated X servers - xdm (coredumps) [xinit or startx can be used to start the server] - ico (hangs X server) - probably more stuff like this... I'm interested in having folks help find and fix problems in X, which is why the snapshot is going out now... So, if you've been wanting X on your OpenBSD/sparc64 machine, grab the snapshot and start sending patches... --Jason L. Wright
Puget Sound Technology is teaching fundamentals of BSD system administration, Sept. 16 - 19, in the Seattle, Washington, USA area. The class will focus on generic BSD Unix skills while mainly being taught using OpenBSD. The four-day, hands-on training will include: - operating system installation - starting and stopping system services - file system hierarchy - user and group management - basics of networking - installing third-party software - system logging - customizing the kernel - intro to Postfix and SMTP - setting up BIND for DNS services - Apache web server basics - and various other skills To enroll in this class or for further details, please see: http://www.pugetsoundtechnology.com/training/bsd-admin/ (Discount available for early payment.) Jeremy C. Reed http://bsd.reedmedia.net/
Gui quy ban doc! The Transport Journal Online la kenh thong tin chuyen nganh Giao thong van tai Viet Nam. The Transport Journal Online gioi thieu toan canh ve cac linh vuc Giao thong van tai: hang hai, hang khong, duong sat, duong bo, duong thuy, dong tau, du an & quan ly du an va dang kiem... cua Nganh Giao thong van tai Viet Nam va quoc te. The Transport Journal Online lien tuc cap nhat nhung tin tuc va hoat dong tren cac linh vuc Giao thong van tai - Dong thoi cung cap cho cac doanh nghiep nhung dich vu: quang ba thuong hieu, giao dich truc tuyen, nghien cuu thi truong... Ban co the truy cap tai dia chi http://www.transportjournal.com.vn Muon xem day du thong tin ban can dang ky de nhan duoc Ten truy cap va Mat khau. Dang ky tai day Ban bien tap THE TRANSPORT JOURNAL ONLINE Tel : +84. 8. 8239645 Fax : +84. 8. 6126265 E-mail : info@transportjournal.com.vn Website : http://www.transportjournal.com.vn
The registration to EuroBSDcon2007 is open now:
http://2007.eurobsdcon.org/shop.html
300DKK early bird discount until July 1st.
The conference price is 1800 DKK (EUR 240) a bit higher than we
wanted, but we have managed to secure very cheap lodging, Youth
Hostel style, at only 165 DKK, (EUR 22) per night.
Check out the talks and tutorials on our web-page:
http://2007.eurobsdcon.org
See you in Wonderful Copenhagen, september 14-15 2007!
(And don't miss the trip to LEGOLand!)
=============================
EuroBSDcon2007 Poster Session
=============================
EuroBSDcon2007 will not have a "Work In Progress" session, it will have
poster session instead, possibly two, if we get many poster presenters.
The way it works is simple: During the lunch break the poster presenter
gets a place to stand with his poster, and people wander around looking
for stuff that interests them and the poster presenter makes his pitch
to who ever stops by.
Rules of the game:
------------------
Topics:
Any moderately BSD related topic is fair game.
You must be this tall:
Proposals will be accepted or rejected solely on the graphical
quality of the poster.
A number of slots will be reserved for students.
Registration:
To get a slot, send email to <posters@eurobsdcon.dk> with:
Your name & email address
Topic of poster (1 paragraph)
URL to pdf or photo of your poster
Do not attach the pdf or photo to the email, just
include a URL to it!
It's OK to update your poster after I have seen it.
Deadline:
Right before I run out of slots.
Do I get free transportation, entrance to the conference etc ?
Sorry, we can't afford that (unless a sponsor volunteers)
Web-site:
If you want your poster on the web-site with the other conference
material, make sure to send us the final PDF version.
Poster size:
...USENIX BSDCon '03, September 8-13, 2003, San Mateo, CA
Register before August 18th and save $150
Once again BSDCon showcases the BSD community's long history of
innovative research, open exchange of ideas, and collaborative work.
Don't miss it!
WHAT: BSDCon '03
WHEN: September 8-13, 2003
WHERE: San Mateo, CA, San Mateo Marriott
WHO: Developers, SysAdmins, Researchers using any BSD Operating
System
WHY: To learn, to share, to create the future of BSD development
HOW: http://www.usenix.org/events/bsdcon03/
Two days of TUTORIALS including: Kirk McKusick will lead an
"Intensive Code Walkthrough" of the new BSD 5.x release, Greg Lehey
will be debugging kernel problems on live systems, Mike
DeGraw-Bertsch will teach advanced BSD system and network security,
and Poul-Henning Kamp will familiarize you with FreeBSD's new GEOM
disk I/O subsystem.
Two and a half days of PAPERS and INVITED TALKS including:
ULE: A Modern Scheduler for FreeBSD
-Jeff Roberson, The FreeBSD Project
An Automated Binary Security Update System for FreeBSD
-Colin Percival, Computing Lab, Oxford
Cryptographic Device Support for FreeBSD
-Samuel J. Leffler, Errno Consulting
Enhancements to the Fast Filesystem to Support Multi-Terabyte
Storage Systems
-Marshall Kirk McKusick, Author and Consultant
Running BSD Kernels as User Processes by Partial Emulation and
Rewriting of Machine Instructions
-Hideki Eiraku and Yasushi Shinjo, University of Tsukuba
Social and Technical Implications of Nonproprietary Software
-Peter G. Neumann, Principal Scientist, Computer Science Laboratory,
SRI International
Post-Digital Possibilities
-Michael Hawley, Massachusetts Institute of Technology
BIRDS-OF-A-FEATHER SESSION and WORK-IN-PROGRESS REPORTS give you a
preview of next year's news, or present fledgling work of your own
and get feedback from the audience.
For more information and to register for USENIX BSDCon '03 visit:
http://www.usenix.org/bsdcon03/
The OpenBSD Foundation is pleased to announce today it has completed
its organization as a Canadian federal non-profit corporation and is
ready for public interaction.
The OpenBSD Foundation has been formed for the purpose of supporting
the OpenBSD project, and related projects such as OpenSSH, OpenBGPD,
OpenNTPD, and OpenCVS.
In particular it will act as a single point of contact for persons and
organizations requiring a legal entity to deal with when they wish to
support OpenBSD in any way.
The OpenBSD Foundation will initially concentrate on facilitating
larger donations of equipment, funds, documentation and
resources. Small scale donations should continue to be submitted
through the existing mechanisms.
The OpenBSD Foundation corporate charter, bylaws, and goals can be found at
http://www.openbsdfoundation.org. The foundation directors may be contacted
via email at directors@openbsdfoundation.org.
http://consumergiftgroup.co.uk/x/NTM5MTc3NA==|MjI1Mzk5MQ==|YW5ub3VuY2VAb3BlbmJzZC5vcmc=|MTI4MDI0Mw==|NDA5|MzU4NzQ=|NTI5ODY=|MjYxNDY=||MA==|MA==|||NDUyNzY0Nw==|NDczMDQ=|MQ==|MA==|MA==|Ug==.html
Hi folks, A reminder that BSDCan 2006 is just two weeks away. Our schedule has been announced <http://www.bsdcan.org/2006/schedule.php> and we're putting the finishing touches on the social calendar. We have a great line up of talks and bofs ready for you. Be sure to get in on the biggest BSD event of the year! As is tradition, you can pick up your registration pack at the Royal Oak pub. Stay for a pint or two and have dinner with us. If you have any questions, please ask. -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php
BSDCan 2007 will be will be held on 18-19 May 2007 at University of Ottawa. Tutorials will be held on 16-17 May 2007. This is one week later than previously announced. http://lists.bsdcan.org/pipermail/bsdcan-announce/2006-October/000021.html -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php
BSDCan is pleased to announce the first Canadian BSD conference. It will be held May 13-16, 2004 in Ottawa, Canada. BSDCan would like to invite everyone interested in BSD to submit papers. For details, please see http://www.bsdcan.org/papers.php. We plan to keep costs to a minimum. As such, the conference will be held at University of Ottawa and accommodation is available within the University residences. Hotels are also within close walking distance of the conference venue. The conference venue is within walking distance of the Byward Market, a great section of town for bars and pubs. This will be a popular meeting area for the BOFs. Attendees should find Ottawa cheaper than most other conference venues with many things to do and see away from the conference. -- Dan Langille : http://www.langille.org/
O'Reilly is looking for proposals for "lightning talks" -- 5 minute presentations to be given at the O'Reilly Open Source Convention. There's no separate BSD track at the convention this year, so this is a good way to bring in BSD material. Interested? Visit the link below.
NYCBUG monthly meeting Wednesday, March 2nd Manhattan NY, USA 6 pm, Soho Apple Store at 103 Prince Street [1] Michael "Mickey" Shalayeff will talk about the hppa port of OpenBSD which he maintains. He maintains many of the applications which run on this peculiar platform and will provide some insight to the inquisitive as to what this combo can do. Mickey has contributed heavily to the CARP project which has become such a success. It is hard to find some code which Michael has not at least influenced in OpenBSD. He seems to be dextrous on any hardware platform and is equally well versed in PCI as he is SCSI. Mickey is readily available on the message lists and is always happy to help impart some of his vast networking knowledge to beggars and sysadmins with a smile (; You can read more about OpenBSD on PA-RISC at http://openbsd.org/hppa.html [1] (SOHO is yuppie-land, not hippie-land as some of you may have been led to believe) * * * * * NYC*BUG tshirts will also be in. We will be selling them for $15. Each has the NYC*BUG logo on the left front breast, and a customized dmesg trailing down the back of the shirt. Anyone who donates $50 or more to the OpenBSD Hackathon Fundraiser will receive a tshirt for free. These tshirts are hot. And supporting the OpenBSD Hackathon Fundraiser, which is responsible for so many innovations in *BSD Land and beyond, is hotter. * * * * *
The BSDCon 2003 Program Committee invites you to contribute original
and innovative papers on topics related to BSD-derived systems and
the Open Source world. Topics of interest include but are not limited
to:
* Embedded BSD application development and deployment
* Real world experiences using BSD systems
* Using BSD in a mixed OS environment
* Comparison with non-BSD operating systems; technical,
practical, licensing (GPL vs. BSD)
* Tracking open source development on non-BSD systems
* BSD on the desktop
* I/O subsystem and device driver development
* SMP and kernel threads
* Kernel enhancements
* Internet and networking services
* Security
* Performance analysis and tuning
* System administration
* Future of BSD
For more information about the BSDCon 2003 Call for Papers, visit:
http://www.usenix.org/events/bsdcon03/cfp/
Submissions in the form of extended abstracts are due by April 1, 2003.
Be sure to review the extended abstract expectations before submitting.
Selection will be based on the quality of the written submission and
whether the work is of interest to the community. For detailed author
guidelines, including sample extended abstracts and final papers
visit:
http://www.usenix.org/events/bsdcon03/cfp/guidelines.html
We look forward to receiving your submissions!
Sincerely,
Gregory Neil Shapiro
BSDCon 2003 Program Chair
The Book of PF by Peter N.M. Hansteen. Book blurb: The Book of PF is a practical, how-to guide to building the network you need with the powerful BSD Packet Filter, PF. From simple NAT to load balancing, queues, and more, there's something for every BSD admin. http://www.nostarch.com/pf.htm This book has now been printed and is in transit or already arrived at your favorite computer book store. We would also like to announce it's availablity on the OpenBSD website, where part of the proceeds goes to help support the project: http://www.openbsd.org/orders.html
Hello folks, I'm writing to remind you that the deadline for the Call For Papers is one week away. Please get your submissions in before that date. You don't want to miss out presenting at the biggest BSD event of the year. BSDCan 2006 will be held May 12-13, 2005, in Ottawa at University of Ottawa. We are now requesting proposals for papers. The papers should be written with a very strong technical content bias. Papers and proposals of a business development or marketing nature are not appropriate for this venue. The schedule is: 19 Dec 2005 Proposal acceptance begins 19 Jan 2006 Proposal acceptance ends 19 Feb 2006 Confirmation of accepted proposals 19 Mar 2006 Abstracts due 19 Apr 2006 Formatted final papers must arrive no later than this date Please submit all proposals to papers@bsdcan.org NOTE: This is the schedule for formal papers. We are also accepting submissions for for talks and presentations. If you have a proposal, please contact us on papers@bsdcan.org. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
OpenSSH 3.8 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters. We have a new design of T-shirt available, more info on http://www.openbsd.org/tshirts.html#18 For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 3.7.1: ============================ * sshd(8) now supports forced changes of expired passwords via /usr/bin/passwd or keyboard-interactive authentication. Note for AIX: sshd will now deny password access to accounts with passwords expired longer than their maxexpired attribute. For details, see the AIX section in README.platform. * ssh(1) now uses untrusted cookies for X11-Forwarding. Some X11 applications might need full access to the X11 server, see ForwardX11Trusted in ssh(1) and xauth(1) for more information. * ssh(1) now supports sending application layer keep-alive messages to the server. See ServerAliveInterval in ssh(1) for more information. * Improved sftp(1) batch file support. * New KerberosGetAFSToken option for sshd(8). * Updated /etc/moduli file and improved performance for protocol version 2. * Support for host keys in DNS (draft-ietf-secsh-dns-xx.txt). Please see README.dns in the source distribution for details. * Fix a number of memory leaks. * The experimental "gssapi" support has been replaced with the "gssapi-with-mic" to fix possible MITM attacks. The two versions are not compatible. Checksums: ========== - MD5 (openssh-3.8.tgz) = 7d5590a333d8f8aa1fa6f19e24938700 - MD5 (openssh-3.8p1.tar.gz) = ...
Hello all, We are happy to announce the 2nd AsiaBSDCon will be held on March 8-11, 2007, in the University of Tokyo, Japan. The AsiaBSDCon 2007 Call for Papers is available at http://asiabsdcon.org/, and more detailed information about this conference will also be available there soon. Important dates are: 18 Aug 2006 Extended abstracts for papers and presentations acceptance begins 1 Nov 2006 Extended abstracts for papers and presentations acceptance ends 1 Dec 2006 Authors and presenters notified by the program committee 31 Jan 2007 Final papers and presentations due Please contact secretary@asiabsdcon.org if you have any questions. We look forward to receiving your submissions! -- Hiroki Sato
This is the 2nd revision of the Advisory.
Buffer overflow in OpenSSH's sshd if AFS has been configured on the
system or if KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
1. Systems affected:
All Versions of OpenSSH with AFS/Kerberos token passing
compiled in and enabled (either in the system or in
sshd_config) contain a buffer overflow.
Token passing is disabled by default and only available in
protocol version 1.
2. Impact:
Remote users can get privileged access for OpenSSH < 2.9.9
Local users can get privileged access for OpenSSH < 3.2.1
No privileged access is possible for OpenSSH with
UsePrivilegeSeparation enabled.
3. Solution:
Apply the matching patch:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.1-adv.token.patch
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.1p1-adv.token.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/019_sshafs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/001_sshafs.patch
4. Credits:
Marcell Fodor <m.fodor@mail.datanet.hu>
EOF
